For TlsConfigureSession(), it makes sense to exempt EFI_NOT_FOUND from TlsConfigCipherList() / gRT->GetVariable(), because there is a default cipher list (SSL_DEFAULT_CIPHER_LIST) we can fall back to.
The same is not true of TlsConfigCertificate(), because there is no default CA cert list. The platform (or the user of the Setup utility) is required to configure a CA cert list first. Remove the misleading comment and status code mapping in TlsConfigCertificate(). Cc: Jiaxin Wu <jiaxin...@intel.com> Cc: Siyuan Fu <siyuan...@intel.com> Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Laszlo Ersek <ler...@redhat.com> --- NetworkPkg/HttpDxe/HttpsSupport.c | 2 -- 1 file changed, 2 deletions(-) diff --git a/NetworkPkg/HttpDxe/HttpsSupport.c b/NetworkPkg/HttpDxe/HttpsSupport.c index 9103987a0e4c..baab77225fdf 100644 --- a/NetworkPkg/HttpDxe/HttpsSupport.c +++ b/NetworkPkg/HttpDxe/HttpsSupport.c @@ -423,9 +423,7 @@ TlsConfigCertificate ( if (EFI_ERROR (Status)) { // // GetVariable still error or the variable is corrupted. - // Fall back to the default value. // - Status = EFI_NOT_FOUND; goto FreeCACert; } -- 2.14.1.3.gb7cf6e02401b _______________________________________________ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel